[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: .exit handling (was Yahoo Mail and Tor)



downie - wrote:
> 
> > Date: Fri, 10 Jul 2009 11:15:25 -0400
> > From: erilenz@xxxxxxxxx
> > To: or-talk@xxxxxxxxxxxxx
> > Subject: Re: Yahoo Mail and Tor
> 
> > If I'm proxying through Tor and I type this into my browser:
> >
> > www.google.com.example.exit
> >
> > My browser asks the proxy for a connection to
> "www.google.com.example.exit"
> >
> > Once my browser receives the connection, it then sends this down it:
> >
> > GET / HTTP/1.1\r\n
> > Host: www.google.com.example.exit\r\n
> > \r\n
> >
> > The problem is that some web servers have multiple websites on the
> same IP
> > and they decide which website to serve by looking at the HTTP Host
> header.
> > So you need privoxy/polipo to strip the "example.exit" from the HTTP
> Host
> > header before forwarding on the actual HTTP request, so it sends
> this
> > instead:
> >
> > GET / HTTP/1.1\r\n
> > Host: www.google.com\r\n
> > \r\n
> >
> > --
> > Erilenz
> 
> So far so good. A possible problem then arises when the served page
> contains absolute URLs for resources, links etc which no longer use
> the .exit notation, and so could be fetched from a different exit. How
> often that would happen is open to question.
> Another Privoxy rule could be written to rewrite those page URLs I
> guess, but how would you pass the name of the required exit to the
> rule?

Should the tor exit be removing the .exit notation from the header
instead of privoxy?  Or perhaps the tor client, which selects the
route?  (I mistakenly thought one of those did it now.  It has been a
long time since I've used .exit ...)